Security Basics mailing list archives

RE: Web apps code testing


From: Dean Saxe <Dean.Saxe () DigitalInsight com>
Date: Thu, 18 Mar 2004 12:29:53 -0500

That will only scan the server, not the code, for vulnerabilities.  I
believe the OWASP had a Java code scanner project in the works.  You may
also want to test the application with a product like WebInspect by
SPIDynamics (www.spidynamics.com).

-dhs

-----Original Message-----
From: Sistemas Aurensis-Sys Sec [mailto:syssec () aurensis com]
Sent: Thursday, March 18, 2004 2:29 AM
To: security-basics () securityfocus com
Subject: Web apps code testing


You can try nikto.
Nikto is a web server scanner which looks for over 2000 potentially
dangerous files/CGIs and problems on over 200 servers.

http://www.cirt.net/code/nikto.shtml

-----Original Message-----
From: Marty [mailto:groupecci () yahoo ca]
Sent: Wednesday, March 17, 2004 1:51
To: Sec Basic
Subject: Web apps code testing


Hi,

I have the complete code (Java) for a website our
development team just completed.

Is there a tool I can use to make sure the code
is secure?

Thanks!

Marty
